The confidentiality, integrity and availability of information systems must be ensured to protect the business from the risks relating to information technology. An IS audit helps to identify areas where these are vulnerable or inadequately protected through systematic examination and evaluation.

The dependence of today’s enterprises on IT is significant. For an organization that uses IT extensively for its operations, not just recording of transactions, the nonavailability of its information systems could mean the end of its existence. Even for other organizations, there would surely be varied negative impacts.

Hence, availability is one of the major criteria for IS audit. Availability is ensured through various means, technologies and processes—all broadly covered under the umbrella of business continuity and disaster recovery.

Business Continuity Plan (BCP)

Every organization should have a business continuity plan that seeks to ensure that its information systems are available and running at all times to support and enable the business to function and grow. In spite of all precautions and preventive controls, disasters can occur. Some disasters cannot be controlled and/or prevented. In such cases, the business continuity plan should also enable recovery of information systems within an acceptable time frame to avoid any serious damage to the business.

An IS audit of business continuity is essentially an audit of this plan with reference to the adequacy, completeness and appropriateness of the plan; availability of the processes and people to implement the plan; its testing; and the verification of the various day-to-day functions that need to be performed to make the plan effective and ready at all times.

Trackback(0)

TrackBack URI for this entry

Comments (0)

Subscribe to this comment's feed

Write comment